General
Target: 363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8
Size: 227KB
Sample: 220220-kfj2sabfcn
MD5: ebb740d3759131a9914b9aea588a246d
SHA1: bfd39fa8d787c1ca6f67e33b5426b4e982dca8bc
SHA256: 363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8
SHA512: 95e53db8bfb9f7053d4ac5493853c1bc2b2363b9ff74ce9f992c0f3d28de87b5b20df93b1f4292546fca21bf60038299c6e63c191d9c4355ff860ea250696fb2
Static task: static1
Behavioral task: behavioral1
  Sample: 363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8.exe
  Resource: win10v2004-en-20220113
Malware Config
Targets
Target: 363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8
Size: 227KB
MD5: ebb740d3759131a9914b9aea588a246d
SHA1: bfd39fa8d787c1ca6f67e33b5426b4e982dca8bc
SHA256: 363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8
SHA512: 95e53db8bfb9f7053d4ac5493853c1bc2b2363b9ff74ce9f992c0f3d28de87b5b20df93b1f4292546fca21bf60038299c6e63c191d9c4355ff860ea250696fb2
Score: 10/10
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
suricata: ET MALWARE Observed Malicious DNS Query (BazarLoader/Team9 Backdoor CnC Domain)
Tries to connect to .bazar domain
Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.